[GIT PULL] SELinux patches for 4.12

Paul Moore paul at paul-moore.com
Tue Apr 18 19:20:29 UTC 2017


Hi James,

A whopping 31 SELinux patches for v4.12, although 25 of these are the
small little patches from Markus.  Beyond those 25 patches, the
remaining six are equally trivial with the only real standout being
Stephen's patch to reorder the DAC_OVERRIDE and DAC_READ_SEARCH
checks.  Everything passes selinux-testsuite and merges cleanly with
the linux-security/next branch; please apply.

Thanks,
-Paul

---
The following changes since commit ca97d939db114c8d1619e10a3b82af8615372dae:

 security: mark LSM hooks as __ro_after_init (2017-03-06 11:00:15 +1100)

are available in the git repository at:

 git://git.infradead.org/users/pcmoore/selinux stable-4.12

for you to fetch changes up to cae303df3f379f04ce7efadb2e30de460918b302:

 selinux: Fix an uninitialized variable bug (2017-03-31 15:16:18 -0400)

----------------------------------------------------------------
Alexander Potapenko (1):
     selinux: check for address length in selinux_socket_bind()

Dan Carpenter (1):
     selinux: Fix an uninitialized variable bug

James Morris (1):
     selinux: constify nlmsg permission tables

Markus Elfring (25):
     selinux: Use kmalloc_array() in cond_init_bool_indexes()
     selinux: Delete an unnecessary return statement in cond_compute_av()
     selinux: Improve size determinations in four functions
     selinux: Use kmalloc_array() in hashtab_create()
     selinux: Adjust four checks for null pointers
     selinux: Use kcalloc() in policydb_index()
     selinux: Delete an unnecessary return statement in policydb_destroy()
     selinux: Return directly after a failed next_entry() in genfs_read()
     selinux: One function call less in genfs_read() after null pointer
              detection
     selinux: Delete an unnecessary variable assignment in
              filename_trans_read()
     selinux: Return directly after a failed next_entry() in range_read()
     selinux: Delete an unnecessary variable initialisation in range_read()
     selinux: Return directly after a failed kzalloc() in cat_read()
     selinux: Return directly after a failed kzalloc() in sens_read()
     selinux: Improve another size determination in sens_read()
     selinux: Return directly after a failed kzalloc() in user_read()
     selinux: Return directly after a failed kzalloc() in type_read()
     selinux: Return directly after a failed kzalloc() in role_read()
     selinux: Return directly after a failed kzalloc() in class_read()
     selinux: Return directly after a failed kzalloc() in common_read()
     selinux: Return directly after a failed kzalloc() in perm_read()
     selinux: Return directly after a failed kzalloc() in roles_init()
     selinux: Use kmalloc_array() in sidtab_init()
     selinux: Adjust two checks for null pointers
     selinuxfs: Use seq_puts() in sel_avc_stats_seq_show()

Matthias Kaehlcke (1):
     selinux: Remove unnecessary check of array base in selinux_set_mapping()

Nicolas Iooss (1):
     selinux: include sys/socket.h in host programs to have PF_MAX

Stephen Smalley (1):
     fs: switch order of CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH checks

fs/namei.c                              | 20 +++++------
scripts/selinux/genheaders/genheaders.c |  1 +
scripts/selinux/mdp/mdp.c               |  1 +
security/selinux/hooks.c                |  8 +++++
security/selinux/nlmsgtab.c             | 10 +++---
security/selinux/selinuxfs.c            |  8 ++---
security/selinux/ss/conditional.c       | 14 ++++----
security/selinux/ss/hashtab.c           | 10 +++---
security/selinux/ss/policydb.c          | 59 ++++++++++++-----------------
security/selinux/ss/services.c          |  2 +-
security/selinux/ss/sidtab.c            |  6 ++--
11 files changed, 69 insertions(+), 70 deletions(-)

-- 
paul moore
www.paul-moore.com